changeset 21320:1bdfc555f6a3
lib: *_new(): Use the new MALLOC_MULTIPLY() macro to avoid overflows
Cast the sizeof() result to unsigned int, because it's definitely always
enough and in many cases this allows optimizing away the wrap-check.
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Mon, 12 Dec 2016 04:55:47 +0200 |
parents | a3bbf15ea8d7 |
children | d80f9583a9ec |
files | src/lib/data-stack.h src/lib/mempool.h |
diffstat | 2 files changed, 4 insertions(+), 2 deletions(-) [+] |
--- a/src/lib/data-stack.h Mon Dec 12 04:53:02 2016 +0200
+++ b/src/lib/data-stack.h Mon Dec 12 04:55:47 2016 +0200
@@ -87,7 +87,8 @@
 size_t t_get_bytes_available(void) ATTR_PURE;
 #define t_new(type, count) \
- ((type *) t_malloc0(sizeof(type) * (count)))
+ ((type *) t_malloc0(MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+ COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 /* Returns pointer to a temporary buffer you can use. The buffer will be invalid as soon as next t_malloc() is called!
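Review bot: The `(unsigned int)` cast on `sizeof(type)` in the new t_new body is justified only in the commit message; the code should carry that reasoning itself, e.g. `/* sizeof() is cast to unsigned int so the compiler can usually prove MALLOC_MULTIPLY cannot wrap; COMPILE_ERROR_IF_TRUE guarantees the cast is lossless. */` above the `#define`. The macro's comment should also state what MALLOC_MULTIPLY does when `sizeof(type) * count` would overflow (its definition is not in this hunk; presumably it panics rather than handing a truncated size to t_malloc0), since callers will now rely on that instead of range-checking `count` themselves. If MALLOC_MULTIPLY multiplies its operands in their own types rather than in size_t, a 32-bit `count` would now wrap in unsigned int before the check, so that assumption is worth confirming against macros.h. The same applies to p_new in mempool.h.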
--- a/src/lib/mempool.h Mon Dec 12 04:53:02 2016 +0200
+++ b/src/lib/mempool.h Mon Dec 12 04:55:47 2016 +0200
@@ -69,7 +69,8 @@
 size_t pool_get_exp_grown_size(pool_t pool, size_t old_size, size_t min_size);
 #define p_new(pool, type, count) \
- ((type *) p_malloc(pool, sizeof(type) * (count)))
+ ((type *) p_malloc(pool, MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+ COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 static inline void * ATTR_MALLOC ATTR_RETURNS_NONNULL p_malloc(pool_t pool, size_t size) {